I'm wondering if I am infected, or how to tell if I am, and how to prevent it in the future. Attached is my latest MBAM log, and here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:47:19 PM, on 10/7/2011

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe

C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll (file missing)

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll (file missing)

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"

O4 - HKLM\..\Run: [standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Google Chrome.lnk = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe

--

End of file - 12220 bytes

mbam-log-2011-10-05 (20-10-42).txt


Edit: here is my latest MBAM log.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7896

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/7/2011 6:18:50 PM

mbam-log-2011-10-07 (18-18-50).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 561659

Time elapsed: 1 hour(s), 43 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7924

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/11/2011 4:39:44 PM

mbam-log-2011-10-11 (16-39-44).txt

Scan type: Quick scan

Objects scanned: 263102

Time elapsed: 12 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27

Run by Zachary at 16:46:14 on 2011-10-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.1811 [GMT -4:00]

.

AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

C:\windows\SysWOW64\svchost.exe -k hpdevmgmt

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe

C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe

C:\windows\system32\igfxext.exe

C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\windows\system32\DllHost.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE

c:\program files\windows defender\MpCmdRun.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\vssvc.exe

C:\windows\System32\svchost.exe -k swprv

C:\windows\system32\sppsvc.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://aol.com/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uInternet Settings,ProxyOverride = local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [DW6]

uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [HP Software Update] "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"

mRun: [standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3

TCP: Interfaces\{4AFEE2A6-4653-4E3A-B6E3-0A44B9959166} : DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3

TCP: Interfaces\{4AFEE2A6-4653-4E3A-B6E3-0A44B9959166}\0527966716475602E4564777F627B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4AFEE2A6-4653-4E3A-B6E3-0A44B9959166}\0534D24454D2C4F49435942535F5259E37561657 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4AFEE2A6-4653-4E3A-B6E3-0A44B9959166}\E4544574541425 : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll

BHO-X64: SMTTB2009 - No File

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: HyperCam Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [HP Software Update] "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

mRun-x64: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"

mRun-x64: [standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Zachary\AppData\Roaming\Mozilla\Firefox\Profiles\hy1gigcm.default\

FF - prefs.js: browser.startup.homepage - facebook.com

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]

R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]

R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]

R2 ssfmonm;ssfmonm;C:\windows\system32\DRIVERS\ssfmonm.sys --> C:\windows\system32\DRIVERS\ssfmonm.sys [?]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2011-7-6 3996864]

R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-8-11 3381184]

R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2009-10-24 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-9-17 137560]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]

S3 ActionReplayDS;ActionReplayDS;C:\windows\system32\Drivers\ActionReplayDS_x64.sys --> C:\windows\system32\Drivers\ActionReplayDS_x64.sys [?]

S3 CamdAudio;CamdAudio;C:\windows\system32\drivers\CamdAudio.sys --> C:\windows\system32\drivers\CamdAudio.sys [?]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0103;RsFx0103 Driver;C:\windows\system32\DRIVERS\RsFx0103.sys --> C:\windows\system32\DRIVERS\RsFx0103.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-10-11 20:01:57 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7EED8098-411F-4AD4-B8F9-9602F6B7E773}\offreg.dll

2011-10-11 20:01:53 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7EED8098-411F-4AD4-B8F9-9602F6B7E773}\mpengine.dll

2011-10-11 19:08:52 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB1ADEE4-77D9-4FA9-856B-ED8EF783CCB3}\offreg.dll

2011-10-11 19:07:31 -------- d-----w- C:\Users\Zachary\AppData\Local\{D3EBDC9B-F1F4-4402-A8F4-29158DDEBCEB}

2011-10-11 19:07:12 -------- d-----w- C:\Users\Zachary\AppData\Local\{6D03A7E9-6686-4571-8D30-946AE19EC173}

2011-10-11 19:06:58 -------- d-----w- C:\Users\Zachary\AppData\Local\{65F3663D-A53E-43DE-A7C5-A0DDE2D96F98}

2011-10-11 19:05:31 -------- d-----w- C:\Users\Zachary\AppData\Local\{C80AAEE1-AAA1-4D7E-8AC0-C31F55469A11}

2011-10-10 19:09:36 -------- d-----w- C:\Users\Zachary\AppData\Local\{F40A54C7-5432-4ECD-BA81-BF4390E03D55}

2011-10-10 19:09:19 -------- d-----w- C:\Users\Zachary\AppData\Local\{17A25D5C-ACE7-46A9-85AE-7E01057E6A28}

2011-10-10 19:09:05 -------- d-----w- C:\Users\Zachary\AppData\Local\{94232B15-90AA-4230-B546-5D991BBC0086}

2011-10-10 19:07:26 -------- d-----w- C:\Users\Zachary\AppData\Local\{9D5333DD-F57B-470F-AB91-61163151223B}

2011-10-09 14:51:59 -------- d-----w- C:\Users\Zachary\AppData\Local\{A161F48A-D273-4A49-BA3B-C984C1BDE923}

2011-10-09 14:51:49 -------- d-----w- C:\Users\Zachary\AppData\Local\{0F3F99D6-C725-4918-86C0-0C00E586815B}

2011-10-09 14:51:39 -------- d-----w- C:\Users\Zachary\AppData\Local\{1A2178CD-42DE-499D-84FD-037A40738CF0}

2011-10-09 14:51:16 -------- d-----w- C:\Users\Zachary\AppData\Local\{1B008FF1-73F9-4D60-BCAA-07A810400C3B}

2011-10-08 14:50:12 -------- d-----w- C:\Users\Zachary\AppData\Local\{FD47ADF8-7A15-4040-97D5-207B85886EAE}

2011-10-08 14:49:53 -------- d-----w- C:\Users\Zachary\AppData\Local\{B75B3F04-A6A5-4A8E-A795-FD9AEEA0EE09}

2011-10-08 14:49:42 -------- d-----w- C:\Users\Zachary\AppData\Local\{247553DF-06C2-4CA9-92BD-456EBB586C9B}

2011-10-08 14:48:24 -------- d-----w- C:\Users\Zachary\AppData\Local\{1989A670-667C-4907-9DF0-841A76D7B5CA}

2011-10-08 00:00:47 517960 ----a-w- C:\windows\System32\XAudio2_5.dll

2011-10-08 00:00:24 176968 ----a-w- C:\windows\System32\xactengine3_5.dll

2011-10-07 23:57:59 235352 ----a-w- C:\windows\SysWow64\xactengine3_4.dll

2011-10-07 23:56:40 -------- d-----w- C:\Users\Zachary\AppData\Roaming\.minecraft

2011-10-07 23:46:31 -------- d-----w- C:\windows\SysWow64\directx

2011-10-07 21:46:49 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-10-07 19:06:46 9049936 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB1ADEE4-77D9-4FA9-856B-ED8EF783CCB3}\mpengine.dll

2011-10-07 19:03:37 -------- d-----w- C:\Users\Zachary\AppData\Local\{5C7197BB-2141-45A5-9C9C-41752620C597}

2011-10-07 19:03:25 -------- d-----w- C:\Users\Zachary\AppData\Local\{444ACE45-CB16-4FBE-8431-8BBD58366D97}

2011-10-07 19:03:15 -------- d-----w- C:\Users\Zachary\AppData\Local\{378D84C9-1439-4E24-A271-4940118F7988}

2011-10-07 19:02:50 -------- d-----w- C:\Users\Zachary\AppData\Local\{0DB561E0-B1F8-45E4-8384-1A03010118DA}

2011-10-06 11:12:41 -------- d-----w- C:\Users\Zachary\AppData\Local\{EB15CE59-DCED-4C4B-9438-3FA16339421F}

2011-10-06 11:12:31 -------- d-----w- C:\Users\Zachary\AppData\Local\{51F6C9A2-610A-4587-B870-C86EB5CF6417}

2011-10-06 11:12:22 -------- d-----w- C:\Users\Zachary\AppData\Local\{D6CF1294-BAB9-488D-B948-7F67033F16CF}

2011-10-06 11:12:00 -------- d-----w- C:\Users\Zachary\AppData\Local\{D317F7E4-64A8-41DD-B3C5-6C485C07D50B}

2011-10-06 01:14:58 28827 ----a-w- C:\InformationalData.tmp

2011-10-06 01:14:58 2704 ----a-w- C:\DetectionData.tmp

2011-10-05 20:13:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-10-05 19:46:28 -------- d-----w- C:\Users\Zachary\AppData\Local\{945BEA80-2A67-4EAE-889C-C224E3BA7446}

2011-10-05 19:46:19 -------- d-----w- C:\Users\Zachary\AppData\Local\{E7B85FF5-E865-4DF0-B7FD-5F1E233040E2}

2011-10-04 19:04:18 -------- d-----w- C:\Users\Zachary\AppData\Local\{1CED1D83-1D99-418F-B317-3F770EEB53B7}

2011-10-04 19:04:05 -------- d-----w- C:\Users\Zachary\AppData\Local\{A1B3C65A-CBCE-4C02-85A8-F622D142EF4E}

2011-10-04 19:03:54 -------- d-----w- C:\Users\Zachary\AppData\Local\{828DD885-6695-4403-A803-6C3EC56DB425}

2011-10-04 19:02:05 -------- d-----w- C:\Users\Zachary\AppData\Local\{FDE265BA-8585-43A4-9FA0-9143CE63E647}

2011-10-03 19:03:18 -------- d-----w- C:\Users\Zachary\AppData\Local\{D3BD12C0-826F-4113-9B9E-71127C0486C6}

2011-10-03 19:03:07 -------- d-----w- C:\Users\Zachary\AppData\Local\{CC0A994A-8302-4926-B6C0-5926AB44A016}

2011-10-03 19:02:51 -------- d-----w- C:\Users\Zachary\AppData\Local\{AF45814B-9D77-4D3D-B1B2-36630EC3D8AD}

2011-10-03 18:59:49 -------- d-----w- C:\Users\Zachary\AppData\Local\{D976984D-CFEE-4E03-9D80-3D7029F0229C}

2011-10-02 23:04:33 -------- d-----w- C:\Users\Zachary\AppData\Local\{C47C1028-8944-47E3-8873-5056974C36D9}

2011-10-02 23:04:21 -------- d-----w- C:\Users\Zachary\AppData\Local\{0C00850E-E6CD-4C63-BF48-E7051EC483C9}

2011-10-02 23:04:09 -------- d-----w- C:\Users\Zachary\AppData\Local\{BB6BB89A-5AB7-4BF7-B28F-8033B71E64F1}

2011-10-02 23:00:56 -------- d-----w- C:\Users\Zachary\AppData\Local\{7A87C3BB-1362-458B-AD03-F95479AAC13D}

2011-10-01 17:33:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-01 15:09:44 -------- d-----w- C:\Users\Zachary\AppData\Local\{053D5A4B-F530-4722-B46D-EB374C9A6C02}

2011-10-01 15:09:33 -------- d-----w- C:\Users\Zachary\AppData\Local\{02846EF7-9457-4625-8C0B-2D9ECB4C0886}

2011-10-01 15:09:20 -------- d-----w- C:\Users\Zachary\AppData\Local\{7BE84578-260C-4BE5-9F87-2CBFBB48E6A0}

2011-10-01 15:08:21 -------- d-----w- C:\Users\Zachary\AppData\Local\{8F0FE215-7414-4ACC-B715-5E1FAB357894}

2011-09-30 20:58:35 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2011-09-30 20:00:34 -------- d-----w- C:\Users\Zachary\AppData\Local\{0966F439-6FC9-45AA-A98B-49E0A1DBF3DE}

2011-09-30 20:00:14 -------- d-----w- C:\Users\Zachary\AppData\Local\{E77F762A-589D-46F6-81A5-150C2640DB9C}

2011-09-30 20:00:03 -------- d-----w- C:\Users\Zachary\AppData\Local\{CFA14025-24B2-4692-8674-EB4C013E880C}

2011-09-30 19:58:39 -------- d-----w- C:\Users\Zachary\AppData\Local\{74E4FE96-7BBF-4EBA-9402-873F24CE7E55}

2011-09-30 00:23:24 -------- d-----w- C:\Users\Zachary\AppData\Local\{144C47F7-A19A-444F-85A5-800DEF68B08F}

2011-09-30 00:23:14 -------- d-----w- C:\Users\Zachary\AppData\Local\{047766DE-F132-4903-8701-654DFC1394D8}

2011-09-30 00:23:04 -------- d-----w- C:\Users\Zachary\AppData\Local\{D31A2EDC-5EEE-45FB-9820-B8EFD72F29BF}

2011-09-30 00:22:41 -------- d-----w- C:\Users\Zachary\AppData\Local\{555C4F39-221E-4B8A-9540-81FCFABC64B8}

2011-09-27 19:04:57 -------- d-----w- C:\Users\Zachary\AppData\Local\{C51C1267-6D0B-4855-9DA6-AF626150E051}

2011-09-27 19:04:46 -------- d-----w- C:\Users\Zachary\AppData\Local\{81D6BE50-7865-4C19-A295-F1E9F87FA6F3}

2011-09-27 19:04:35 -------- d-----w- C:\Users\Zachary\AppData\Local\{98C3DA37-3E77-4C5E-9C66-5B31E89318D4}

2011-09-27 19:04:08 -------- d-----w- C:\Users\Zachary\AppData\Local\{B8F267EE-3578-40B6-BD9D-6E08BBA7B1FD}

2011-09-26 20:39:00 -------- d-----w- C:\Users\Zachary\AppData\Local\{7A60ACAE-CD6D-4E61-A464-0AE4E9A2EBC7}

2011-09-26 20:38:44 -------- d-----w- C:\Users\Zachary\AppData\Local\{4B2A2E22-EB0C-46B7-9481-9893B477AA96}

2011-09-26 20:38:32 -------- d-----w- C:\Users\Zachary\AppData\Local\{86CB05B3-D647-4F89-B99C-3D4F0E7F59BB}

2011-09-26 20:37:56 -------- d-----w- C:\Users\Zachary\AppData\Local\{855FDF8C-4AEE-40D4-85ED-AF515432942E}

2011-09-23 11:11:00 -------- d-----w- C:\Users\Zachary\AppData\Local\{6B259EC1-9AE6-42EE-91B2-1D4C2443A39E}

2011-09-23 11:10:49 -------- d-----w- C:\Users\Zachary\AppData\Local\{6CAED072-64B0-4264-90EB-9AF728A45EC3}

2011-09-23 11:10:32 -------- d-----w- C:\Users\Zachary\AppData\Local\{DB4741A9-CE81-408E-A7E3-C16DBDA34FB3}

2011-09-23 11:10:05 -------- d-----w- C:\Users\Zachary\AppData\Local\{1841BBD2-3537-4118-98DE-05E58B291111}

2011-09-22 19:07:31 -------- d-----w- C:\Users\Zachary\AppData\Local\{2F2EF9E2-BB2D-4309-B5A7-AA5DF263CF4C}

2011-09-22 19:07:20 -------- d-----w- C:\Users\Zachary\AppData\Local\{F0626B24-AAF9-42E4-B8D4-10C022B114B5}

2011-09-22 19:07:10 -------- d-----w- C:\Users\Zachary\AppData\Local\{AF6A92AC-DFB9-49C2-A1DD-3F81C776C095}

2011-09-22 19:06:00 -------- d-----w- C:\Users\Zachary\AppData\Local\{5EE5C05F-1795-4CBF-896D-4E69EB46871E}

2011-09-22 00:41:42 -------- d-----w- C:\.jagex_cache_32

2011-09-21 19:08:17 -------- d-----w- C:\Users\Zachary\AppData\Local\{DB43E768-24B0-426D-BC2C-0DE60CCB6280}

2011-09-21 19:08:07 -------- d-----w- C:\Users\Zachary\AppData\Local\{30104623-C92F-447D-8A53-965EBE2CBBA3}

2011-09-21 19:07:57 -------- d-----w- C:\Users\Zachary\AppData\Local\{06D36C43-7A33-4153-99FB-4328B52A8731}

2011-09-21 19:07:46 -------- d-----w- C:\Users\Zachary\AppData\Local\{CB6829B1-FAA2-49A7-A922-6F2ABDB586A7}

2011-09-20 23:47:50 -------- d-----w- C:\Users\Zachary\AppData\Local\{ECE9FE7B-93F5-43CA-A736-B0BDF9DEF8CF}

2011-09-20 23:47:35 -------- d-----w- C:\Users\Zachary\AppData\Local\{B76F0366-3F6C-4CA6-9095-2B173F1BD8FB}

2011-09-20 23:47:24 -------- d-----w- C:\Users\Zachary\AppData\Local\{112879B0-C2A3-4ABC-A0E8-2E301E084AC5}

2011-09-20 23:46:05 -------- d-----w- C:\Users\Zachary\AppData\Local\{E637567D-B0EC-4572-AC8E-B3B9469C37FF}

2011-09-18 14:54:20 -------- d-----w- C:\Users\Zachary\AppData\Local\{5436303C-847C-4E4F-9D6D-B895AA88D39E}

2011-09-18 14:54:04 -------- d-----w- C:\Users\Zachary\AppData\Local\{C9EA7E21-7186-404D-857D-D7F2E21012BE}

2011-09-18 14:53:49 -------- d-----w- C:\Users\Zachary\AppData\Local\{D3FCC370-C2CB-416F-A612-0BBF4FAFDE24}

2011-09-18 14:51:57 -------- d-----w- C:\Users\Zachary\AppData\Local\{483DE639-01BD-4FFD-8FAC-A217DD896A88}

2011-09-17 20:16:38 -------- d-----w- C:\Users\Zachary\AppData\Local\{CFD2F5C2-7DEC-4976-B859-BF92478708E5}

2011-09-17 20:16:26 -------- d-----w- C:\Users\Zachary\AppData\Local\{910E0287-EA5F-4414-A633-0C642678CCBF}

2011-09-17 20:16:11 -------- d-----w- C:\Users\Zachary\AppData\Local\{21B53295-D31D-420A-984B-F522FFD95541}

2011-09-17 20:15:34 -------- d-----w- C:\Users\Zachary\AppData\Local\{1775FD75-DE66-4649-A8CC-8538DAAFCA07}

2011-09-16 19:07:31 -------- d-----w- C:\Users\Zachary\AppData\Local\{52896995-4688-4B86-9561-45531DD18EA2}

2011-09-16 19:07:17 -------- d-----w- C:\Users\Zachary\AppData\Local\{B958413C-9DA7-4A16-8832-16569ABBEE40}

2011-09-16 19:07:05 -------- d-----w- C:\Users\Zachary\AppData\Local\{57D41067-BF62-47F4-B31D-B453FBF4BB3D}

2011-09-16 19:06:51 -------- d-----w- C:\Users\Zachary\AppData\Local\{38E508CA-D075-41D2-85FB-34ACE6235D3E}

2011-09-16 00:54:07 -------- d-----w- C:\Junk (Question mark)

2011-09-15 21:10:46 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2011-09-15 21:01:13 -------- d-----w- C:\Users\Zachary\AppData\Roaming\Tific

2011-09-15 21:01:13 -------- d-----w- C:\Users\Zachary\AppData\Local\Tific

2011-09-15 20:33:26 -------- d-----w- C:\ProgramData\PC Drivers HeadQuarters

2011-09-15 19:08:46 -------- d-----w- C:\Users\Zachary\AppData\Local\{7E4F692D-8483-4E34-9371-4D1E34F0DC56}

2011-09-15 19:08:34 -------- d-----w- C:\Users\Zachary\AppData\Local\{B21F1B91-4159-4D6B-8978-0F60C508DA9F}

2011-09-15 19:08:23 -------- d-----w- C:\Users\Zachary\AppData\Local\{560FB9A1-CFB6-49BA-9724-937288030950}

2011-09-15 19:08:08 -------- d-----w- C:\Users\Zachary\AppData\Local\{AECD5043-53F5-42C3-A655-DAED426ABD47}

2011-09-14 22:30:07 -------- dc----w- C:\Users\Zachary\AppData\Local\MigWiz

2011-09-14 20:03:54 -------- d-----w- C:\Users\Zachary\AppData\Local\{F51EF5DB-543F-497C-BE35-0F5143C4F0AF}

2011-09-14 20:03:37 -------- d-----w- C:\Users\Zachary\AppData\Local\{4C77FEAE-3992-4F42-BFA7-8EFF5FC70A1C}

2011-09-14 20:03:12 -------- d-----w- C:\Users\Zachary\AppData\Local\{C86DE1BF-E395-46AE-8A25-07A01913C1FB}

2011-09-14 20:02:58 -------- d-----w- C:\Users\Zachary\AppData\Local\{6B3922FD-1926-4318-8E79-871684221B74}

2011-09-14 19:45:20 -------- d-----w- C:\ProgramData\AVSoftware

2011-09-14 19:45:15 -------- dc----w- C:\Users\Zachary\AppData\Local\{7F054190-74CE-4916-B495-D2A3741B4E24}

2011-09-14 19:03:29 -------- d-----w- C:\Users\Zachary\AppData\Local\{F76D289C-4936-4C7B-BC20-9AF5FCC0A143}

2011-09-14 19:03:18 -------- d-----w- C:\Users\Zachary\AppData\Local\{704CA2D6-23B9-4984-B026-731EF96B40F0}

2011-09-14 19:03:04 -------- d-----w- C:\Users\Zachary\AppData\Local\{8939691C-ABB8-448A-8F85-BE49F769E567}

2011-09-14 19:02:03 -------- d-----w- C:\Users\Zachary\AppData\Local\{1BECB7B5-635A-4C83-BF62-F2EAFFD531A0}

2011-09-13 22:21:52 25160 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys

2011-09-13 22:21:09 -------- d-----w- C:\ProgramData\Hitman Pro

2011-09-13 20:50:08 -------- d-----w- C:\b6f2b15761d91f0c8bb4af5f319d8b

2011-09-13 19:13:39 -------- d-----w- C:\Users\Zachary\AppData\Local\{78BDCAC1-4A1A-4320-9EC1-18DB2C777BEF}

2011-09-13 19:13:29 -------- d-----w- C:\Users\Zachary\AppData\Local\{C46184F0-139C-4021-84ED-68F2A783990F}

2011-09-13 19:13:19 -------- d-----w- C:\Users\Zachary\AppData\Local\{85B356D1-1BEC-413B-B6ED-41DB2481BAA7}

2011-09-13 19:13:07 -------- d-----w- C:\Users\Zachary\AppData\Local\{21016582-5846-462C-AD51-F743C2C631B3}

.

==================== Find3M ====================

.

2011-10-07 23:08:29 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-10 03:47:32 55384 ----a-w- C:\windows\System32\drivers\SBREDrv.sys

2011-09-08 22:32:28 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll

2011-09-08 22:30:20 525544 ----a-w- C:\windows\System32\deployJava1.dll

2011-08-31 21:00:50 25416 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-08-16 15:12:20 952 --sha-w- C:\ProgramData\KGyGaAvL.sys

2011-07-22 05:42:23 2303488 ----a-w- C:\windows\System32\jscript9.dll

2011-07-22 05:36:16 1389056 ----a-w- C:\windows\System32\wininet.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\windows\SysWow64\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- C:\windows\SysWow64\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-07-16 05:41:50 362496 ----a-w- C:\windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 16:53:28.55 ===============

Attach.zip

Attach.txt

DDS.txt


  • 2 weeks later...
  • Staff

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.